当前位置:网站首页>Detect certificate expiration script

Detect certificate expiration script

2020-11-06 21:29:59 Irving the procedural ape

Premise

It's always a hindsight , It's always a hindsight . The status quo is that whatever problems arise , Can not carry out early warning and intervention before the customer is unknown . In the morning, I had a chance to communicate with the R & D manager , Write this script , Trying to start with early warning .

From production k8s Cluster get realibox.cn Certificate , In the pre launch environment daemon Case study .

daemon Case study

# pwd/yufa/zhengshu/testlltotal 32-rw-r--r-- 1 root wheel 465B 9 9 09:50 test-ingress.yaml-rw-r--r-- 1 root wheel 711B 9 9 09:47 test.yaml-rw-r--r-- 1 root wheel 3.5K 9 9 09:24 tls.crt-rw-r--r-- 1 root wheel 1.6K 9 9 09:25 tls.key# kubectl -n realibox create secret tls realibox-cn --key ./tls.key --cert ./tls.crt# cat test.yamlapiVersion: v1kind: Servicemetadata: name: tomcat namespace: realiboxspec: selector: app: tomcat release: canary ports: - name: http port: 8080 targetPort: 8080 - name: ajp port: 8009 targetPort: 8009---apiVersion: apps/v1kind: Deploymentmetadata: name: tomcat-deploy namespace: realiboxspec: replicas: 1 selector: matchLabels:  app: tomcat  release: canary template: metadata:  labels:  app: tomcat  release: canary spec:  containers:  - name: tomcat  image: tomcat:7-alpine  ports:  - name: httpd   containerPort: 8080  - name: ajp   containerPort: 8009# cat test-ingress.yamlapiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-tomcat-tls namespace: realibox annotations: kubernets.io/ingress.class: "kong"spec: tls: - hosts: - "*.realibox.cn"  # And secret The domain name of the certificate needs to be consistent  secretName: realibox-cn #secret The name of the certificate  rules: - host: zisefeizhu.realibox.cn http:  paths:  - path:  backend:   serviceName: tomcat   servicePort: 8080

image.png

Write a script to detect the expiration of domain name

I don't want to talk much about it

# cat check_daemon.sh#!/bin/bashsource /etc/profile# Define mailing lists maillist=( linkun@realibox.com #2350835860@qq.com)# Send mail function send_mail(){ SUBJECT="$1 The domain name is about to expire " if [ $2 -ge 0 ];then  CONTENT="$1: This domain name is about to expire , There is not enough time left $2 God , Please renew it in time !"  for mail in ${maillist[*]};do   echo -e "" Currently detected domain name :" $domain\n " Days left : " $days\n ${CONTENT} " | mail -s "${SUBJECT}" $mail  done else  day=$((-$2))  CONTENT="$1: This domain name has expired , Exceeded $day God , Please renew in time !"  for mail in ${maillist[*]};do   echo -e "${CONTENT}" | mail -s "${SUBJECT}" $mail  done fi}# testing mails Whether the order exists , If not, install mail package is_install_mail(){ which mail &> /dev/null if [ $? -ne 0 ];then  yum install -y mail fi}is_install_mail# Define the list of domain names to be detected domainlist=( zisefeizhu.realibox.cn)# Detect domain expiration time and notify for domain in ${domainlist[*]};do echo " Currently detected domain name :" $domain # Remove domain name expiration time  end_time=$(echo | timeout 1 openssl s_client -servername $domain -connect $domain:443 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | awk -F '=' '{print $2}' ) ([ $? -ne 0 ] || [[ $end_time == '' ]]) && exit 10 end_times=`date -d "$end_time" +%s ` tmp=`date -d today +"%Y-%m-%d %T"` current_times=`date -d "$tmp" +"%s"` let left_time=$end_times-$current_times days=`expr $left_time / 86400` echo " Days left : " $days # Convert to timestamp  end_times=`date -d "$end_time" +%s ` # Displays the current time in the form of a timestamp  tmp=`date -d today +"%Y-%m-%d %T"` current_times=`date -d "$tmp" +"%s"` # The number of days left for domain name expiration  let left_time=$end_times-$current_times days=`expr $left_time / 86400` echo " Days left : " $days if .........

版权声明
本文为[Irving the procedural ape]所创,转载请带上原文链接,感谢